Network security frequently requires packet inspection and filtering, including applying blocking, forwarding, or redirection rules to incoming packets. These rules may be quite complex, based on a combination of information from one or more layers of the packet. As a result, a rules database on a security appliance may become quite large, with significant storage requirements. Additionally, for large rule sets, it may take significant time to compare the packet information to each rule within the database, resulting in delays and inefficiencies within the system.